@riocrypto/common-server 1.0.2741 → 1.0.2743

@@ -1,2 +1,2 @@
1
1
  import { Request } from "express";
2
- export declare const getIsFireblocksWebhookValid: (req: Request) => boolean;
2
+ export declare const getIsFireblocksWebhookValid: (req: Request) => Promise<boolean>;
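Review bot: Changing the return type from `boolean` to `Promise<boolean>` makes any caller that still writes `if (!getIsFireblocksWebhookValid(req))` without `await` fail open, because a Promise is always truthy and the rejection branch is never taken. The change ships in a patch-level bump (1.0.2741 → 1.0.2743), so consumers on a caret range pick it up with no signal; TypeScript callers may get a compile-time diagnostic, but plain JavaScript callers will not. I would add a doc comment on the declaration, e.g. `/** Resolves to true only if the Fireblocks webhook signature verifies. Must be awaited: an un-awaited result is a truthy Promise. */`, and audit every call site before upgrading.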
@@ -1,33 +1,35 @@
1
1
  "use strict";
2
- var __importDefault = (this && this.__importDefault) || function (mod) {
3
- return (mod && mod.__esModule) ? mod : { "default": mod };
2
+ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
3
+ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
4
+ return new (P || (P = Promise))(function (resolve, reject) {
5
+ function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
6
+ function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
7
+ function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
8
+ step((generator = generator.apply(thisArg, _arguments || [])).next());
9
+ });
4
10
  };
5
11
  Object.defineProperty(exports, "__esModule", { value: true });
6
12
  exports.getIsFireblocksWebhookValid = void 0;
7
- const crypto_1 = __importDefault(require("crypto"));
8
- const publicKey = `-----BEGIN PUBLIC KEY-----
9
- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0+6wd9OJQpK60ZI7qnZG
10
- jjQ0wNFUHfRv85Tdyek8+ahlg1Ph8uhwl4N6DZw5LwLXhNjzAbQ8LGPxt36RUZl5
11
- YlxTru0jZNKx5lslR+H4i936A4pKBjgiMmSkVwXD9HcfKHTp70GQ812+J0Fvti/v
12
- 4nrrUpc011Wo4F6omt1QcYsi4GTI5OsEbeKQ24BtUd6Z1Nm/EP7PfPxeb4CP8KOH
13
- clM8K7OwBUfWrip8Ptljjz9BNOZUF94iyjJ/BIzGJjyCntho64ehpUYP8UJykLVd
14
- CGcu7sVYWnknf1ZGLuqqZQt4qt7cUUhFGielssZP9N9x7wzaAIFcT3yQ+ELDu1SZ
15
- dE4lZsf2uMyfj58V8GDOLLE233+LRsRbJ083x+e2mW5BdAGtGgQBusFfnmv5Bxqd
16
- HgS55hsna5725/44tvxll261TgQvjGrTxwe7e5Ia3d2Syc+e89mXQaI/+cZnylNP
17
- SwCCvx8mOM847T0XkVRX3ZrwXtHIA25uKsPJzUtksDnAowB91j7RJkjXxJcz3Vh1
18
- 4k182UFOTPRW9jzdWNSyWQGl/vpe9oQ4c2Ly15+/toBo4YXJeDdDnZ5c/O+KKadc
19
- IMPBpnPrH/0O97uMPuED+nI6ISGOTMLZo35xJ96gPBwyG5s2QxIkKPXIrhgcgUnk
20
- tSM7QYNhlftT4/yVvYnk0YcCAwEAAQ==
21
- -----END PUBLIC KEY-----`.replace(/\\n/g, "\n");
22
- const getIsFireblocksWebhookValid = (req) => {
23
- const signature = req.headers["fireblocks-webhook-signature"];
24
- if (!signature) {
13
+ const jose_1 = require("jose");
14
+ const JWKS = (0, jose_1.createRemoteJWKSet)(new URL("https://keys.fireblocks.io/.well-known/jwks.json"));
15
+ const getIsFireblocksWebhookValid = (req) => __awaiter(void 0, void 0, void 0, function* () {
16
+ const jwsSignature = req.headers["fireblocks-webhook-signature"];
17
+ if (!jwsSignature || typeof jwsSignature !== "string") {
25
18
  return false;
26
19
  }
27
- const message = JSON.stringify(req.body);
28
- const verifier = crypto_1.default.createVerify("RSA-SHA512");
29
- verifier.write(message);
30
- verifier.end();
31
- return verifier.verify(publicKey, signature, "base64");
32
- };
20
+ const rawBody = req.rawBody;
21
+ if (!rawBody) {
22
+ return false;
23
+ }
24
+ try {
25
+ const [header, , sig] = jwsSignature.split(".");
26
+ const payload = Buffer.from(rawBody).toString("base64url");
27
+ const fullJws = `${header}.${payload}.${sig}`;
28
+ yield (0, jose_1.compactVerify)(fullJws, JWKS);
29
+ return true;
30
+ }
31
+ catch (_a) {
32
+ return false;
33
+ }
34
+ });
33
35
  exports.getIsFireblocksWebhookValid = getIsFireblocksWebhookValid;
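Review bot: `compactVerify(fullJws, JWKS)` is called without an `algorithms` allow-list, so the accepted signature algorithm is whatever the sender-supplied header names among those the remote key set permits; pinning it, e.g. `compactVerify(fullJws, JWKS, { algorithms: ["<ALG_FROM_FIREBLOCKS_DOCS>"] })`, removes that dependence on the JWKS metadata. The bare `catch (_a) { return false; }` also folds JWKS fetch failures and missing-key errors into the same result as a bad signature, so an outage at the key endpoint silently rejects every webhook; failing closed is right, but the error should be logged before returning so the two cases can be told apart. The destructuring `const [header, , sig] = jwsSignature.split(".")` does not check that the header value has exactly three segments, which I would reject explicitly before verification. This file looks like compiled output, so the changes presumably belong in the TypeScript source.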
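--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@riocrypto/common-server",
- "version": "1.0.2741",
+ "version": "1.0.2743",
  "description": "",
  "main": "./build/index.js",
  "types": "./build/index.d.ts",
@@ -28,7 +28,7 @@
  "@google-cloud/secret-manager": "^5.3.0",
  "@google-cloud/storage": "^6.9.5",
  "@hyperdx/node-opentelemetry": "^0.7.0",
- "@riocrypto/common": "^1.0.2534",
+ "@riocrypto/common": "^1.0.2535",
  "@types/express": "^4.17.13",
  "axios": "^1.7.4",
  "crypto-js": "^4.2.0",
@@ -39,6 +39,7 @@
  "fireblocks-sdk": "^5.13.0",
  "googleapis": "^135.1.0",
  "he": "^1.2.0",
+ "jose": "^6.2.2",
  "jsonwebtoken": "^9.0.1",
  "lodash": "^4.17.21",
  "mongoose": "8.7.2",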